The History and Mathematics of Codes and Code Breaking

Tag: weak encryption

Inviting Suspicion

We generally don't bother to encrypt messages if we have nothing to hide. By using a code or cipher, it's implied that the contents are sensitive or illicit in nature. In fact, as Singh points out, they're likely to be more explicit because the encryption lulls the sender into a false sense of security and they write more openly about their plans. So by putting too much faith in an easily breakable cipher, you risk incriminating yourself further.

In addition, by using a cipher or code that is easily identifiable as such, you automatically invite suspicion.  In her trial, Mary claimed she knew nothing about the plot, but even without decrypting the message, it was clear she was corresponding with conspirators. Also, the fact that she didn't write her message in plain text implies she was concealing something. In situations like these, it may be better to stick to some sort of code that masks the message as something innocuous, or some sort of steganography that hides the secret message within another. By finding a way to hide a message in plain sight, it helps divert suspicion in the first place rather than relying on an imperfect cipher once you've drawn attention.

Never Trust A Weak Encryption

In the first chapter of The Code Book by Simon Singh, he states that “a weak encryption is worse than no encryption at all”. A weak encryption is worse than no encryption at all because the sender and receiver of the message believe that the message is secure. A weak encryption leads to a false sense of security. If someone was to send a message with no encryption, they would know that their message was floating around and would be more cautious. People that send encrypted messages should always be mindful of what information their message contains. Over time many messages can be decrypted, and a sender of an encrypted message should remain mindful of that. No one should put all of their trust into a encryption since the message could possibly be deciphered. People that want to keep their messages secret should keep their messages very vague even if they are encrypted. There is always a chance that a message can be decrypted, so the sender should not only rely on a encryption to make sure that their message is secure. Mary Queen of Scots should have been vaguer with the messages that she sent. Since she truly believed that her messages would not be decrypted, she was not withholding the information that she sent. Her trust in the encryption led to her execution.


How to Keep Communication Relatively Safe through Cryptography

"A weak encryption can be worse than no encryption" because it gives the communicators a false sense of security (41). As a result, they would fail to conceal their meaning in writing and use plain language.

What's communicated throughout the chapter is that one form of encryption is never enough. If one only employs the method of stenography, the message could be completely compromised upon discovery by the enemy. On the other hand, reliance on one form of cryptography is likewise reckless. Even in Queen Mary's case, as she employs several methods to conceive her message, the secret was still easily discovered.

To keep communication safe through the usage of cryptography might mean multiple forms of cryptography. For example, a substitution mixed with transposition, which adds an additional layer of protection. While that might still be insufficient, one could always choose to hide words by using secret language codes (unlike the codes adopted in encryption). For instance, "to assassin Queen Elizabeth" could be written as "to execute the sailing plan". In Queen Mary's case, such communication could have saved her from facing the death penalty.

Cryptography is only adopted when the messengers can't meet in person, in which case some form of written message has to be created. The key and algorithm, however, are always vulnerable to the risk of being deciphered. Cryptanalysis developed alongside cryptography. Thus, the security of encryption depends on how long it's going to take for the enemy to decipher the code. In other words, cryptography is a highly time-sensitive tool. The complexity of encryption could largely increase security, while also decreasing efficiency to communicate for all parties involved.

The Consequences of a Weak Encryption

"On page 41, Singh writes, “The cipher of Mary Queen of Scots clearly demonstrates that a weak encryption can be worse than no encryption at all.”  What does Singh mean by this and what does it imply for those who would attempt to keep their communications secret through cryptography?" (Question 1)

When encrypting messages, having a weak cipher can severely jeopardize the security of the message that is trying to be hidden. In the example in the book, Mary Queen of Scots was oblivious to the fact that her encrypted messages were being solved easily, and because of this, she and Babington made clear in their "secret" message that the plan was to kill Elizabeth. Had they not only encrypted their message but also made vague the exact components of their plan, it is possible that there wouldn't have been enough evidence against Mary Queen of Scots. If instead they had used no encryption, it is likely that they wouldn't have been so open and clear about discussing their plans. This most likely wouldn't have helped their plan work that much better, though it could have possibly saved Mary Queen of Scots from being executed.

The notion that "a weak encryption can be worse than no encryption at all" is a good rule that all cryptographers should abide by. This pushes cryptographers to focus hard on making extremely strong ciphers, especially in today's society where technology makes it much easier to crack codes in short periods of time. And, while encrypting messages, cryptographers should also make sure to keep their messages vague, so that only the intended recipient who knows the context should be able to decipher the decrypted message. Having a strong encryption and a specific message designed only for the recipient almost completely ensures privacy.

The Achilles Heel of Mary Queen of Scots: A Weak Cipher

Arnie: Why is a weak cipher worse than no cipher at all?

The cipher that Mary Queen of Scots used in this chapter was able to be broken, and in this case, having no cipher at all would have been better than the weak one that was used. He says that because they believed their communication was secure, the Queen and her accomplices became too complacent. The contents of their letters were far more incriminating because the conspirators believed that even if the letters were found, they would most likely just look like gibberish. With frequency analysis, even a somewhat strong cipher can be cracked over time if someone has the right resources, which the Queen of England most definitely did. If Mary had just used cryptic language that was vague and concealed the letters in the same manner, even if they were found, they would have been much less incriminating and she would most likely not have been sentenced with the death penalty. Because of her complacency and her blind trust in the cipher she was using, she let down her guard, and this ultimately led to her demise. This is what Singh means by the fact that sometimes a bad cipher is worse than no cipher at all.

I think that the same thing could be said about passwords on the internet today. If something has a weak password it may be worse than having no password at all. If there is a hacker trying to get your data, they are probably more likely to try and hack into password protected websites, because that is where more sensitive information is normally stored. If your password is "12345678," it may be worse than having the same information on a non password protected website because hackers may be less likely to look there. I think even in the modern era, the idea that no cipher is better than a weak one is still applicable in some senses.

A Weak Cipher Turned Enemy's Advantage

The quote “weak encryption can be worse than no encryption at all” describes the phenomenon in which sender of an encrypted message is more likely to state clearly and in detail his or her intentions than when writing a unencrypted message with full knowledge the enemy will be inspecting the text. When writing an unencrypted message, the sender will be more inclined to make the contents of the message vague so it is understood by the receiver but confusing to the interceptor. The sender would also take caution not to reveal any secrets in the message which could benefit the enemy or implicate the sender and allies because the sender is acutely aware of the lack of encryption. However, when a text is encrypted the sender has faith in the security of the encryption and writes messages believing the enemy will not be able to interpret the text. As the in case of Queen Mary’s cipher, she and Anthony Babington did not consider the possibility their cipher could be broken and thus, they communicated their plans of revolt explicitly. Furthermore, weak encryption in particular is dangerous because it can be easily cracked and used by the enemy to deceive the correspondents. This is perfectly illustrated in the case of Queen Mary's cipher which was broken by Thomas Phelippes and used against Queen Mary and Babington to incriminate Babington’s men. 

This implies for those who encrypt secret messages, they should still communicate vaguely, as though their messages are not encrypted and are being inspected by enemy eyes before reaching the receiver. Additionally, correspondents of encrypted messages should be cautious when writing implicating secrets, as Babington was not, resulting in the capture of his men. Babington could have better protected the identities of his men by describing their qualities in his message without revealing their names. When a cipher is used, the strength of its security should be kept in mind, as a weak cipher could become an enemy's advantage. As the cipher of Mary Queen demonstrates, unsuspecting faith in the security of a cipher can be more dangerous than using no cipher.

Assume the Worst

Before the Vigenère cipher, a simple monoalphabetic substitution cipher was the most advanced encryption. This is a weak way of coding however, as an encryption is only as strong as the key used to create it, and tools such as frequency analysis make this easy to conquer. Any code could be broken if the person who intercepted it was well acquainted with basic deciphering methods. The best way to protect your secret message was to assume that anyone could intercept and decipher your code. It was a given that before the Vigenère cipher was invented, that no encryption was completely safe. That being said, not many people realized this and truly thought they were keeping their secrets safe. A perfect example of this is Mary Queen of Scots.

Mary Queen of Scots spent her time imprisoned sending encrypted messages back and forth with a conspiracy group. Mary, along with the rest of the group, ignorantly thought that no one was able to crack their "master" encryptions. As a result they talked about many sensitive topics, especially the coup to overthrow the Queen of England. Their false sense of security led to their demise because, in reality, their code was very easy to break. They thought that their code was unbreakable, however, there was no sure way to know how accurate this claim was. Mary downfall was underestimating the environment in which she lived. She assumed that no one would be smart enough to break her code, but as she soon learnt, an encrypted message can be cracked to spill the secrets it contains.

The Vulnerability of A Weak Encryption

Having been arrested for the murder of her husband and imprisoned by her cousin Queen Elizabeth, Mary Queen of Scots was in a extremely vulnerable position. Any correspondence between Mary and the outside world would need to be of the highest concealment, so she and her correspondent Babington utilized a nomenclature that consisted of code words and a cipher alphabet. After successfully exchanging messages using this system, both believed that this system would be strong enough to formulate a plan for her escape and Queen Elizabeth's assassination. This false sense of security proved to be more risky and dangerous, as opposed to any lack of security or encryption.

In the case of Mary Queen of Scots, her trust in both her method of sending messages and in her seemingly weak encryption led to her arrest and subsequent execution. Their naive trust led Babington to even fall victim to the forgery of Thomas Phelippes, a man working in close quarters with Sir Francis Walsingham. Since the fact that her codes had be cracked was unbeknownst to Mary, she exchanged incriminating evidence and was ruthlessly killed instead of staying safely imprisoned.

Through the story of Mary Queen of Scots, Singh portrays the idea that while utilizing cryptography can work in favor of those wanting to keep information secret, it also can serve to do more damage than good. Sometimes making an attempt to keep something concealed is not necessarily better than no attempt at all. In this case, they missed the opportunity to be discreet in their messages and keep all serious information to themselves. Singh is not only giving important information about Mary Queen of Scots' story, but also warning cryptographers that are unaware of the power of cryptanalysis that can break even the codes that they perceive to be secure.

Mary's dilema with a weak encryption

Mary, Queen of Scots, said that a weak encryption can be worse than no encryption at all. Mary and Babington started with a good encryption but as cryptanalysis progressed in England they failed to change there code and make it stronger. This allowed Queen Elizabeth's men to crack the encryption and forge letters to Mary and Babington.

This ability to crack the code and use it against your enemy is what Mary was warning of. Their weakened code was cracked with ease and Mary and Babington were unaware that their cypher had been broken. Mary and Babington were placed in a false sense of security that left them writing the entirety of the plans in their letters. When Walsingham's men discovered the letters and broke the encryption, they knew they had sufficient evidence to execute Mary and Babington.

Mary and Babington were not prepared for the encryption to be broken. They believed that hiding the letters and encrypting them were sufficient when in reality they had led themselves to their own demise. A weak encryption is far more worse than no encryption at all because you place yourself in a false sense of security and rely heavily on the strength of your encryption to keep you safe. As seen in the case of Queen Mary, she was killed because she did not prepare for the worst.

Mary Queen of Scots's and Babington's Ignorance in Assuming Security

Imprisoned for 18 years in England, Mary Queen of Scots welcomed the idea for a plan to escape the prison cell. However, as the plan was developed through writing, the use of an encryption system, even if it was weak, provided Queen Mary and Babington with a sense of security that prompted them to outlines all plans within these letters. This feeling of falsely assumed security not only put them at risk of their letters being deciphered easily, but also indicated through the use of an encryption system that the letters contained covert information.

As the courier or double agent encountered these encrypted messages it caused them to be immediately examined in order to determine its contents. To England's advantage, the use of the weak encryption enabled the letter's message to be exposed, and also granted the ability to be tampered with so Walsingham, one of England's ministers, could acquire sufficient evidence to prosecute both Queen Mary and Babington with concrete details of their involvement.

Had the letters not been encrypted, not as much information regarding the plan would have been revealed leaving the English without unwavering evidence which could have prevented Queen Mary's death sentence. The weak encryption was the underlying reason for Queen Mary's death sentence.

The trial of Queen Mary served to illustrate that ignorance of one's surroundings and trust is deadly. If coded information needs to be transported between two parties, steganography is not enough. A mixture of both steganography and a complex cipher must be utilized. The hiding of the letters adds one level of security but in the case of Queen Mary and the potential presence of a double agent, a complex cipher, not a nomenclature, should be utilized to ensure letters found cannot be interpreted by the unintended reader.

In conclusion, those who need to keep their communication a secret must prepare for the worst scenario. However, even the most remote hiding location or complex cipher cannot ensure complete secrecy. As a result, those who participate in cryptography must always recognize the risk of being exposed.





Powered by WordPress & Theme by Anders Norén